[Git][security-tracker-team/security-tracker][master] Add new tomcat issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 10 22:51:53 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cb2a396 by Salvatore Bonaccorso at 2025-07-10T23:51:03+02:00
Add new tomcat issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,13 @@ CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it ea
 CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection vulne ...)
 	TODO: check
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
-	TODO: check
+	- tomcat11 <unfixed>
+	- tomcat10 <unfixed>
+	- tomcat9 9.0.70-2
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+	NOTE: https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b (11.0.9)
+	NOTE: https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb (10.1.43)
+	NOTE: https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b (9.0.107)
 CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vu ...)
 	NOT-FOR-US: Trend Micro
 CVE-2025-53378 (A missing authentication vulnerability in Trend Micro Worry-Free Busin ...)
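Review bot: the new `tomcat11 <unfixed>` and `tomcat10 <unfixed>` lines for CVE-2025-53506 carry no bug reference; the tracker convention is to append `(bug #NNNNNN)` to an `<unfixed>` entry once a bug is filed against the source package, so consider filing bugs against src:tomcat10 and src:tomcat11 and recording them here. The NOTE explaining why 9.0.70-2 is used as the tomcat9 fixed version (src:tomcat9 no longer ships the server stack) is the right place for that reasoning, since the upstream fix is in 9.0.107 and the two values would otherwise look inconsistent.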
@@ -78,13 +84,21 @@ CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and b
 CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
 	NOT-FOR-US: Trend Micro
 CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...)
-	TODO: check
+	- tomcat11 <unfixed>
+	- tomcat10 <unfixed>
+	- tomcat9 9.0.70-2
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+	NOTE: https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db (11.0.9)
+	NOTE: https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c (10.1.43)
+	NOTE: https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040 (9.0.107)
 CVE-2025-52473 (liboqs is a C-language cryptographic library that provides implementat ...)
 	- liboqs <removed>
 	NOTE: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm
 	NOTE: https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897 (0.14.0-rc1)
 CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
-	TODO: check
+	- tomcat9 9.0.70-2
+	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
+	NOTE: https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018 (9.0.107)
 CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	TODO: check
 CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions through  ...)
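Review bot: the CVE-2025-52434 entry lists only tomcat9 with a single upstream commit for 9.0.107, while the two tomcat entries above it also list tomcat11 and tomcat10; if tomcat10 and tomcat11 are not affected by this issue, record that explicitly as `- tomcat10 <not-affected> (reason)` / `- tomcat11 <not-affected> (reason)` so the omission is visibly deliberate rather than an oversight. As for CVE-2025-53506, the `tomcat11 <unfixed>` and `tomcat10 <unfixed>` lines for CVE-2025-52520 should gain `(bug #NNNNNN)` references once bugs are filed.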



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cb2a3968f0e7a5e49ce2e132d6ba41fd254e706




